package com.wanxi.springboot.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/css/**", "/js/**", "/fonts/**").permitAll() //都可以访问
                .antMatchers("/users/**").hasRole("ADMIN") //需要相应的角色才能访问
                .anyRequest().authenticated() // 任何请求都需要认证
                .and()
                .formLogin(); //基于Form表单登录验证
//                .and()
//                .userDetailsService(userDetailsService);
    }
    //   这是将用户存入内存的第一种方式
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication() //认证信息存储到内存中
            .passwordEncoder(passwordEncoder())
            .withUser("user").password(passwordEncoder().encode("123456")).roles("ADMIN")
            .authorities("wx:product:read","wx:product:delete");
}

//   这是将用户存入内存的第二种方式
    @Override
    public UserDetailsService userDetailsServiceBean() throws Exception {
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        manager.createUser(new User("niko",passwordEncoder().encode("123456"),     AuthorityUtils.createAuthorityList("wx:product:read","wx:product:delete")));
        return manager;
}

//   这是密码加密解密器 可以用于加密密码也可以用户对比原始密码与加密密码，你只需暴露，security会将你暴露的passwordEncoder 作为默认的
    //   passwordEncoder.encode()  用于加密密码
    //   passwordEncoder.matchs(原始密码，加密密码)  对比原始密码与加密密码
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}